By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

discovered by security researcher Chris Vickery, according to a report posted on DataBreaches.net, and was openly accessible for over a week before being taken down.

"I believe this is every registered voter in the entire country. To be very clear, this was not a hack," Vickery wrote in a post on Reddit. "The mysterious, insecure database is currently configured for public access. No password or other authentication is required at all."

The database records include full name, telephone number, home and mailing addresses, date of birth and voter information, including party affiliation and voting history since 2000.

While voter registration information is generally part of the public record, there are usually restrictions placed on how it may be acquired or used. For example, in South Dakota, those requesting voter registration data must sign this statement:

"In accordance with SDCL 12-4-41, I understand that the voter registration data obtained from the statewide voter registration database may not be used or sold for any commercial purpose and may not be placed for unrestricted access on the Internet."

While some states place no restrictions on the use of voter registration data, many require that the data only be used for political purposes, or state that it may not be made available to be accessed by users outside of the U.S. Many states also charge sometimes significant amounts for acquiring their voters' registration information. "Prices range from a simple $5 processing fee to as high as the $29k fee charged by Alabama in 2012 for approximately 3 million voter registration records," according to political data firm NationBuilder. They estimated the cost for all U.S. voter registration data to be over $100,000.

Based on "some data field labels that looked like they might be unique or proprietary," the database appears to have originated with NationBuilder, according to DataBreaches.net.

"While the database is not ours, it is possible that some of the information it contains may have come from data we make available for free to campaigns," NationBuilder founder and CEO Jim Gilliam said in a statement released after the disclosure. "From what we've seen, the voter information included is already publicly available from each state government, so no new or private information was released in this database."

DataBreaches.net had some suggestions as to who was responsible. "Could it be one of their non-hosted clients leaking the database? Maybe. Could it be that someone hacked one of their clients and stored a copy of the database at this IP address? Maybe. Could it be that an employee of a client decided to make themselves a copy for their own purposes? Maybe. The possibilities are numerous. We really don't know, and DataBreaches.net declines to speculate."

4 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

No more severe than any of the countless other breaches. Let's face it - we are naked and exposed. Our most private information is being sold right now by States too dumb to realize what they have. Then it's sold over and over again and again, while we sit here discussing the problem.

There should be a law.... Oh wait, there is. Except the bad guys don't pay attention to that. And the good folk are too weak-willed to stop it.

Although people may be outraged about the existence of this comprehensive database, the fact remains that voter registration data is public information, and while the database was not properly secured it can't really be considered a breach.

I would personally prefer to see public information more accessible to the public, though it's worth reconsidering how much personal information should be public.